CVE-2019-12107

Name
CVE-2019-12107
Description
The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp
Patch https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
MLIST https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html
UBUNTU https://usn.ubuntu.com/4542-1/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:miniupnp.free:miniupnpd:*:*:*:*:*:*:*:* miniupnpd >= None <= 2.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
miniupnpd 3.14-community 2.2.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed